You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PFA the patch that uses one-way password hash for subethamail users.
The encryption at the moment is SHA 256 which provide us modest
security which is better than plain passwords.
My primary goal was to get rid of plain passwords while not modifying
too many of subethamail files and existing functionality/schema.
To make the patch work on existing PostgreSQL database, steps similar
to following need to be taken (via psql or your favourite tool):
1. Enable pgcrypto contrib module by executing
share/postgresql/contrib/pgcrypto.sql (tested on vanilla PostgreSQL
9.0 - it is required to get sha256 hash within PG)
2. UPDATE subetha.person SET passwd=encode(digest(passwd,'sha256'),'hex');
Original issue reported on code.google.com by [email protected] on 15 Nov 2010 at 10:31
Original issue reported on code.google.com by
[email protected]on 15 Nov 2010 at 10:31Attachments:
The text was updated successfully, but these errors were encountered: